LIS Compliance with Accreditation and Regulatory Agencies

1
LIS Compliance with Accreditation and Regulatory
Agencies

• Association for Pathology Informatics (API)
  Course
• September 9, 2007
• Walter H. Henricks, M.D.
• Director, Center for Pathology Informatics
• Cleveland Clinic

2
Learning Objectives

• Anticipate documentation requirements related to
  various LIS activities
• Evaluate a prospective or current LIS with
  respect to system functionality that is necessary
  to meet accreditation requirements
• Avoid pitfalls in meeting accreditation
  requirements
• Ensure appropriate involvement by Medical Director

3
Disclosure

• I am a (volunteer) Commissioner in the Laboratory
  Accreditation Program of the College of American
  Pathologists

4
Goals of Todays Session

• Provide an overview of accreditation requirements
  and best practices, organized by types of
  requirements
• Present requirements/practices in format that is
  useful as a checklist or quick reference to the
  types of items that laboratories must ensure that
  are in place.
• Questions and discussion

5
LIS Compliance Tends to be a Dry Topic
6
Accreditation as Basis for Best Practices with
LISs

• Multiple regulatory and accrediting agencies have
  requirements related to data management and
  laboratory computer systems.
• To great extent, requirements overlap.
• Accreditation requirements are not just a burden,
  but are a framework that labs can use to ensure
  best practices.

7
Regulatory/Accrediting Bodies Pertinent to LISs

• U. S. government
• CMS
• FDA
• CAP
• The Joint Commission
• COLA
• AABB
• FACT

8
Outline of LIS Accreditation Topics

• Documentation
• Data security
• Autoverification
• Reports and EMR environment
• Medical director responsibilities

9
LIS Procedures, Policies, and Processes

• LIS procedures
• laboratory staff and IT staff
• necessary to do job duties
• available to all users
• LIS support procedure, including vendor and
  emergency contact
• Procedure and schedule for hardware/software
  maintenance
• Procedures to prevent unauthorized software
  installation
• Policies specifying who may use system to
• View or enter patient data
• Change results or billing
• Alter programs

10
LIS Procedures, Policies, and Processes (cont.)

• Processes to verify integrity of the system after
  restoration of data files
• Process to monitor system performance and storage
  capacity to meet patient care needs
• Downtime procedures
• Complete downtime
• Partial downtime
• LIS itself or key interfaces with other systems
• Disaster recovery procedures
• HIPAA compliance procedures

11
Validation Documentation Required

• All programs when installed and after any
  modifications
• Blood bank/transfusion medicine check possible
  permutations of processes
• Reference ranges passing with each result
• Calculations initially, annually, when changes
  are made
• Autoverification rules
• Transmission of patient results to all types of
  patient reports, printed and electronic

12
Documentation of Doing

• Hardware modifications
• Customized programs
• Service and repair records hardware and
  software
• Ongoing evaluation of system maintenance records
• Responses to error messages during system backup
• System downtime, degradation, and other problems

13
Training

• Availability of computer procedure manuals to all
  users
• Training before implementation, at system
  modifications, new system
• Documentation of training activities

14
Data Security and Integrity

• System integrity checks after restoration of data
  files
• Access codes, privilege levels, account
  management
• Internet data security (e.g. VPNs, firewalls)
• Complete copy of original test reports
• Protection of storage media
• Computer error messages and responses
• Emergency service
• Disaster recovery

15
Legal Requirements Data Retention(42 CFR
493.1105)

• Records of test requisitions or test
  authorizations 2 years
• Original laboratory report or copy, including
  preliminary and final reports 2 years
• Anatomic pathology reports 10 years
• Immunohematology and transfusion records and
  reports 5 years (21 CFR 606.160(d))
• Instrument printouts (if not interfaced) 2 years

16
Audit Capabilities

• All persons who have added or modified software
• All persons who have entered and/or modified
  patient data or control (definition) files
• Autoverified results
• Results traced back to individual analyzers (e.g.
  chemistry)
• Person performing test and date of test

17
Autoverification

• Policy with Medical Director sign off
• Validation of rules
• QC acceptability
• Computer system automatically checks QC
• Manual disabling of autoverfication if QC fails
  or QC not run
• Identification of all test results that were
  autoverified
• Rapid suspension of autoverification

18
Requirements of Medical Director

• Functionality and reliability of the computer
  system adequate to meet the needs of patient care
• Approval of content and format of all patient
  reports, at least annually whether paper or
  computer screens or electronic medical records
• Policy approving use of autoverification
  procedures

19
Requirements of Medical Director Designee OK

• Review of computer procedures annually not a
  single signature page
• Approval of use of all new programs and
  modifications
• Notification of responsible person of computer
  malfunction
• Determining verification procedures for data
  restoration

20
CLIA Requirement for Results Transmission to EMR

• 42 CFR 493.1291(a) The laboratory must have
  adequate manual or electronic system(s) in place
  to ensure test results and other patient-specific
  data are accurately and reliably sent from the
  point of data entry (whether interfaced or
  entered manually) to final report destination, in
  a timely manner. This includes the
  following(2) Results and patient-specific data
  electronically reported to network or interfaced
  systems

21
Integration Requirements for Laboratory Results
in Health System EMR

• Integrating results from multiple laboratories
  into single EMR presents additional challenges
• Same test performed in different labs may have
  different methodologies that may affect
  interpretation and reference ranges
• Identification of performing lab is important so
  clinicians know whom to contact
• 42 CFR 493.1291(c) The test report must indicate
  the following(c)(2) The name and address of the
  laboratory location where the test was performed.

22
Amended Reports

• Identified as amended on paper and electronic
  forms
• Original result clearly identified and readily
  accessible
• Multiple corrections accommodated sequentially

23
LIS Compliance Need not be a Dry Topic
24
LIS Compliance Summary

• Accreditation requirements can be road map to
  best practices.
• Documentation activities are extensive but are a
  crucial part of demonstrating compliance.
• Medical Director is globally responsible for data
  management in the laboratory, and there is a
  subset of review requirements that cannot be
  delegated.

25
Questions?